/**
 * Validate a registration form: pseudo (user name), password pair and e-mail.
 *
 * All three validators are always invoked, in the same order, before the
 * combined result is computed; none is skipped when an earlier one fails.
 *
 * @param mixed $pseudo                Submitted user name.
 * @param mixed $password              Submitted password.
 * @param mixed $password_verification Submitted password confirmation.
 * @param mixed $email                 Submitted e-mail address.
 * @return bool True only when every validator returned a truthy value.
 */
function verify($pseudo, $password, $password_verification, $email)
{
    // Run each check eagerly so that any side effect of a validator
    // still happens for every field, exactly as before.
    $outcomes = array(
        verify_pseudo($pseudo),                                // user name check
        verify_passwords($password, $password_verification),  // password pair check
        verify_email($email),                                  // e-mail check
    );

    foreach ($outcomes as $passed) {
        if (!$passed) {
            return false;
        }
    }

    return true;
}
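/**
 * Send an HTML invitation e-mail from the current user to a list of addresses.
 *
 * Changes compared with the previous version:
 *  - the inviter's display name and the personal message are HTML-escaped
 *    before being placed in the mail body (both are user-supplied text);
 *  - CR/LF are stripped from the subject and addresses containing CR/LF are
 *    skipped, so neither can add extra mail headers;
 *  - the duplicate "Subject:" line is no longer appended to the additional
 *    headers (mail() already emits the subject from its second argument);
 *  - get_bloginfo(wpurl) used a bare constant; it now uses the 'wpurl' string;
 *  - the result variable is initialised, and success is reported only when
 *    mail() accepted at least one message.
 *
 * @param string $emails  Comma-separated list of recipient addresses.
 * @param string $message Personal message typed by the inviting user.
 * @return string|null Success markup when at least one invitation was
 *                     accepted for delivery, otherwise null.
 */
function nm_invite_email($emails, $message) {
    $user = wp_get_current_user();

    $site_name = get_bloginfo();
    $site_url = get_bloginfo('wpurl');
    $theme_url = get_bloginfo('stylesheet_directory');
    $inviter = nm_user_public_name($user->ID);

    // The subject becomes a mail header: drop any line breaks coming from
    // the display name or the site name.
    $subject = str_replace(array("\r", "\n"), '', 'Join ' . $inviter . ' at ' . $site_name . '!');

    // The mail is declared as iso-8859-1, so escape with the same charset.
    // double_encode=false keeps entities a caller may already have produced.
    $safe_inviter = htmlspecialchars($inviter, ENT_QUOTES, 'ISO-8859-1', false);
    $safe_message = htmlspecialchars($message, ENT_QUOTES, 'ISO-8859-1', false);

    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers .= 'From: admin@hotcars.com' . "\r\n";

    $email_message = '<html><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Join me at ' . $site_name . '!</title></head> '
        . '<body style="font-family:Verdana, Arial, Helvetica, sans-serif;color:#fff;font-size:13px;background:#000;color:#fff;"> <!-- top --> '
        . '<table cellspacing="0" cellpadding="0" border="0" align="center" style="border:#000 1px solid;padding:0;width:548px;"> <tr> '
        . '<td valign="top" style="width:358px;height:91px;padding:0 0 1px 0;background:#000;vertical-align:top;"> '
        . '<a href="' . $site_url . '" style="text-decoration:none;margin:0;padding:0;"><img src="' . $theme_url . '/images/email/header1.jpg" width="358" height="91" border="0" style="margin:0;padding:0;" alt="' . $site_name . ' logo" /></a> </td> '
        . '<td valign="top" style="width:190px;height:91px;padding:0 0 1px 0;background:#000;vertical-align:top;"> '
        . '<a href="' . $site_url . '/forums/register.php" style="text-decoration:none;margin:0;padding:0;"> '
        . '<img src="' . $theme_url . '/images/email/header2.jpg" width="190" height="91" border="0" style="margin:0;padding:0;" alt="Login to ' . $site_url . '" /> </a> </td> </tr> '
        . '<tr> <td colspan="2" valign="top" style="width:518px;padding:20px 15px 20px 15px;font-family:Verdana, Arial, Helvetica, sans-serif;font-size:13px;background:#333;color:#fff;"> '
        . '<div style="font-size:16px;font-weight:bold;padding:0 0 6px 0;color:#fff;">Check out <a style="color:#fff;" href="' . $site_url . '">' . $site_url . '</a>!</div> '
        . '<strong>' . $safe_inviter . '</strong> has personally invited you to join ' . $site_name . ':<br /><br /> '
        . '<span style="padding-left:10px;"><em>' . $safe_message . '</em></span><br /><br /> '
        . '<a style="color:#fff;" href="' . $site_url . '/forums/register.php">Sign up today</a>!<br /><br /> </td></tr></table></body></html>';

    $errors = null;
    foreach (explode(',', $emails) as $address) {
        $address = trim($address);

        // The recipient is also written into the mail headers; refuse anything
        // carrying a line break regardless of what verify_email() accepts.
        if (strpbrk($address, "\r\n") !== false) {
            continue;
        }
        if (!verify_email($address)) {
            continue;
        }
        if (mail($address, $subject, $email_message, $headers)) {
            $errors = "<p class='message success'>Your Friend Invitations have been successfully sent!</p>";
        }
    }

    return $errors;
}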
/**
 * Gate a form submission on the e-mail address passing two checks.
 *
 * First the address format is checked with verify_email(); only if that
 * passes is the domain's MX record checked with verify_email_dns(). On
 * either failure the function prints an alert script plus a script that
 * sends the top window to post_cv.php, then terminates the request. When
 * both checks pass it returns without output.
 *
 * Both checks only inspect the address itself; neither shows that the
 * submitter controls the mailbox.
 *
 * @param string $email Address to check.
 * @return void
 */
function email_verifier($email)
{
    if (!verify_email($email)) {
        // Badly formatted address: the MX lookup is not attempted.
        $alert = "<script>alert('Error - E-mail address appears to be invalid.');</script>";
    } elseif (!verify_email_dns($email)) {
        // Format is fine but the domain has no MX record.
        $alert = "<script>alert('Error - E-mail domain does not have an MX record.');</script>";
    } else {
        // Passed both checks: nothing to report.
        return;
    }

    echo $alert;
    echo "<script>top.window.location='post_cv.php';</script>";
    exit;
}
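// Account update: re-authenticate with the current password, then optionally
// change the e-mail address and/or the password. Every outcome is reported as
// a JSON object and ends the request.
// $user_row, $old_password, $new_password, $email, $user and $conn are set
// earlier in the file (not visible here).
if (!$user_row) {
    exit(json_encode(array('error' => 'internal_error')));
}
// The current password must be confirmed before anything is changed.
if (!password_verify($old_password, $user_row['hash'])) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}

$change_email = "";
if ($user_row['email'] !== $email) {
    // The D modifier makes `$` match only at the very end of the string;
    // without it an address followed by a newline would also pass.
    $valid_email_regex = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+" . "@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?" . "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/D";
    if (!preg_match($valid_email_regex, $email)) {
        exit(json_encode(array('error' => 'invalid_email')));
    }

    // Escape before the FIRST query that embeds the address: the pattern above
    // deliberately allows characters such as `'` in the local part, so the raw
    // value must never be interpolated into SQL.
    $escaped_email = $conn->real_escape_string($email);

    $result = $conn->query("SELECT COUNT(id) AS count FROM users WHERE email = '{$escaped_email}'");
    $matching_email_row = $result ? $result->fetch_assoc() : null;
    if (!$matching_email_row) {
        exit(json_encode(array('error' => 'internal_error')));
    }
    // Compare numerically so the check does not depend on whether the driver
    // returns the count as a string or as an integer.
    if ((int) $matching_email_row['count'] !== 0) {
        exit(json_encode(array('error' => 'email_taken')));
    }

    $change_email = "email = '{$escaped_email}', email_verified = 0";
    verify_email($user, $user_row['username'], $email);
}

$change_password = "";
if ($new_password !== '') {
    $hash = password_hash($new_password, PASSWORD_BCRYPT);
    // NOTE(review): the assignment below is masked in this listing. As written
    // the UPDATE would contain a literal `******` and $hash is never stored;
    // restore the original `<column> = '<value>'` fragment built from $hash.
    $change_password = "******";
}

$set_clause = implode(', ', array_filter(array($change_email, $change_password)));
if ($set_clause) {
    // NOTE(review): $user is assumed to be the numeric id of the logged-in
    // account taken from the session - confirm; the cast keeps it numeric in SQL.
    $user_id = (int) $user;
    $conn->query("UPDATE users SET {$set_clause} WHERE id={$user_id}");
}
exit(json_encode(array('success' => true)));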
echo "<script>location.href = 'index.php'</script>"; } else { } ?> </div> </div> </section> <!-- Footer --> <?php include "templates/footer.html"; if (isset($_POST['newm'])) { echo "<script>location.href = '#openMessage'</script>"; } else { if (isset($_POST['send'])) { if (verify_email($_POST['to'], $result) == 1) { session_start(); $variable = $_SESSION['usuario']; $sql0 = "select nombre,apellidos from usuarios where usuario = '" . $variable . "';"; $resul_co = mysqli_query($con, $sql0); while ($row = mysqli_fetch_array($resul_co)) { $nombre = $row[0] . " " . $row[1]; } $sql1 = "select usuario from usuarios where email = '" . $_POST['to'] . "';"; $resul_co1 = mysqli_query($con, $sql1); while ($row1 = mysqli_fetch_array($resul_co1)) { $para = $row1[0]; } $fecha = date("j/m/Y, g:i a"); $insert_user = "******" . $para . "','" . $nombre . "',null,'" . $fecha . "','" . $_POST['asunto'] . "','" . $_POST['message'] . "')"; $r_query1 = mysqli_query($con, $insert_user);
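/**
 * Validate registration input, create the account and sign the session in.
 *
 * Changes compared with the previous version:
 *  - a failed prepare()/execute() now aborts with signed_in = false instead of
 *    continuing to mark the session as signed in (previously a failed INSERT
 *    was followed by get_user_id($email) and a signed-in session anyway);
 *  - the session id is regenerated before the session is marked as signed in;
 *  - the debug dump no longer prints the password digest.
 *
 * NOTE(review): passwords are stored as an unsalted sha1() digest. That is not
 * suitable for password storage; moving to password_hash()/password_verify()
 * needs a matching change in the login code and probably a wider column, so
 * it is flagged here rather than changed.
 *
 * @param string $email     E-mail address, checked with verify_email().
 * @param string $password1 Password.
 * @param string $password2 Password confirmation.
 * @param string $fname     First name (stored and put in the session as given).
 * @param string $lname     Last name (also passed to verify_password()).
 * @param string $sex       Checked with validate_sex().
 * @return bool True when the account was created and the session signed in.
 */
function main_validation($email, $password1, $password2, $fname, $lname, $sex) {
    // Same checks, same order and same short-circuiting as before.
    if (!(verify_email($email) == true and verify_password($password1, $password2, $lname) == true and validate_sex($sex) == true)) {
        $_SESSION['signed_in'] = false;
        return false;
    }

    //$username = validate_username($username);
    $password = sha1($password1); // see NOTE(review) in the header
    $cxn = $GLOBALS['cxn'];
    $last_ip = $_SERVER['REMOTE_ADDR'];
    $priv = "user";

    $query = "INSERT INTO user_list (email, password, first_name, last_name, date_added, last_login, last_ip, privlege_level, sex) \n\t\t\t\tVALUES(?, ?, ?, ?, NOW(), NOW(), ?, ?, ?)";
    $stm2 = $cxn->prepare($query);
    if (!$stm2) {
        $_SESSION['signed_in'] = false;
        return false;
    }

    // NOTE(review): the key is the literal string '$debug' (with the dollar
    // sign), kept as found - confirm which global was meant.
    if (!empty($GLOBALS['$debug'])) {
        echo $email . "..." . $fname . "..." . $lname . "..." . $last_ip . "..." . $priv . "..." . $sex;
    }

    $stm2->bind_param("sssssss", $email, $password, $fname, $lname, $last_ip, $priv, $sex);
    $inserted = $stm2->execute();
    $stm2->close();
    if (!$inserted) {
        // e.g. a constraint violation: do not sign anybody in.
        $_SESSION['signed_in'] = false;
        return false;
    }

    // pull user ID for session data
    $uid = get_user_id($email);

    // New privilege level for this browser: issue a fresh session id so an id
    // known before registration cannot be reused afterwards.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['fname'] = $fname;
    $_SESSION['email'] = $email;
    $_SESSION['user_id'] = $uid;
    $_SESSION['privleges'] = "user";
    //$_SESSION['city'] = $city;
    //$_SESSION['state'] = $state;
    return true;
}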
/**
 * Handle the `userform` action.
 *
 * Depending on which keys are present in $options this performs one of:
 * ticket confirmation (e-mail or new password), anonymous e-mail
 * verification, login, logout, "e-mail new password", profile creation,
 * profile update, or OpenID login / OpenID response handling. It then sends
 * the page header, title, optional form and footer through $formatter.
 *
 * @param object $formatter Used for send_header/send_title/send_footer,
 *                          header(), link_url() and link_to().
 * @param array  $options   Action options (login_id, password, ticket, email, ...).
 *                          NOTE(review): presumably filled from request
 *                          parameters - confirm at the caller; the review
 *                          notes below assume so.
 * @return string|null '' after the ticket-confirmation page; otherwise no value.
 */
function do_userform($formatter, $options) {
  global $DBInfo;
  $user =& $DBInfo->user;
  # get cookie
  $id = !empty($options['login_id']) ? $options['login_id'] : '';
  # $use_any is derived from the client-supplied User-Agent header. When it is
  # 1, the use_ticket check in the "email new password" and "create profile"
  # branches below is skipped, so that check can be opted out of by the client.
  # NOTE(review): HTTP_USER_AGENT may be absent from $_SERVER.
  $use_any = 0;
  if (!empty($DBInfo->use_textbrowsers)) {
    if (is_string($DBInfo->use_textbrowsers)) {
      $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
    } else {
      $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
    }
  }
  $options['msg'] = '';
  # e-mail confirmation
  if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
    $userdb =& $DBInfo->udb;
    $suspended = false;
    if ($userdb->_exists($id)) {
      $user = $userdb->getUser($id);
    } else {
      if ($userdb->_exists($id, 1)) {
        // suspended user
        $suspended = true;
        $user = $userdb->getUser($id, 1);
      }
    }
    if ($user->id == $id) {
      # NOTE(review): tickets are compared with loose `==`; a constant-time,
      # type-strict comparison such as hash_equals() is the safer choice for
      # secret tokens.
      if ($user->info['eticket'] == $options['ticket']) {
        # The confirmed address is whatever follows the first '.' of the ticket.
        list($dummy, $email) = explode('.', $options['ticket'], 2);
        $user->info['email'] = $email;
        $user->info['eticket'] = '';
        if ($suspended) {
          if (empty($DBInfo->register_confirm_admin)) {
            $userdb->activateUser($id);
            $userdb->saveUser($user);
          } else {
            $userdb->saveUser($user, array('suspended' => 1));
          }
        } else {
          $userdb->saveUser($user);
        }
        $title = _("Successfully confirmed");
        $options['msg'] = _("Your e-mail address is confirmed successfully");
        if (!empty($DBInfo->register_confirm_admin)) {
          $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
        }
      } else {
        # A matching nticket promotes the pending password (npassword) to the
        # active one.
        if ($user->info['nticket'] == $options['ticket']) {
          $title = _("Successfully confirmed");
          $user->info['nticket'] = '';
          $user->info['password'] = $user->info['npassword'];
          $user->info['npassword'] = '';
          $userdb->saveUser($user);
          $options['msg'] = _("Your new password is confirmed successfully");
        } else {
          $title = _("Confirmation missmatched !");
          $options['msg'] = _("Please try again to register your e-mail address");
        }
      }
    } else {
      if ($suspended) {
        $title = _("Please wait until your ID is confirmed by admin!");
      } else {
        $title = _("ID does not exist !");
      }
      $options['msg'] = _("Please try again to register your e-mail address");
    }
    $formatter->send_header("", $options);
    $formatter->send_title($title, "", $options);
    $formatter->send_footer("", $options);
    return '';
  }
  $title = '';
  if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
    # Expire the verified-e-mail cookie.
    setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
    $options['msg'] .= '<br />' . _("Verification E-mail removed.");
    $options['verifyemail'] = '';
    $user->verified_email = '';
  } else {
    if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
      # Anonymous e-mail verification link: the expected ticket is recomputed
      # from the client address and the e-mail carried in `login`.
      # NOTE(review): whether getTicket() mixes in a server-side secret is not
      # visible here - confirm, otherwise the ticket is computable by the client.
      $email = base64_decode($options['login']);
      $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
      if ($ticket == $options['verify_email']) {
        $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
        $user->verified_email = $email;
        # The cookie value is the plain e-mail address and no secure/httponly
        # arguments are passed.
        # NOTE(review): if later requests treat this cookie as proof of
        # verification, a client could set it itself - confirm how it is read.
        setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
      } else {
        $options['msg'] .= '<br />' . _("Verification missmatched.");
      }
    } else {
      if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
        # Anonymous user asks to verify an address: syntax check first, then
        # verify_email(), whose negative return values are error codes.
        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
          if (($ret = verify_email($options['verifyemail'])) < 0) {
            $ret = -$ret;
            $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
            $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
          } else {
            if (!empty($DBInfo->verify_email)) {
              if ($DBInfo->verify_email == 1) {
                # Mode 1 marks the address verified without any mail round trip.
                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
              } else {
                # Other modes mail a link carrying the base64 address and ticket.
                $opts = array();
                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                $opts['email'] = $options['verifyemail'];
                $opts['id'] = 'nobody';
                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                $enc = base64_encode($opts['email']);
                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                $ret = wiki_sendmail($body, $opts);
                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
              }
            }
          }
        } else {
          $options['msg'] .= '<br/>' . _("Your email address is not valid");
        }
      } else {
        if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
          # If the user object provides its own login(), delegate to it and
          # redirect to $options['page'].
          if (method_exists($user, 'login')) {
            $user->login($formatter, $options);
            $params = array();
            $params['value'] = $options['page'];
            do_goto($formatter, $params);
            return;
          }
          # login
          $userdb = $DBInfo->udb;
          if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
            $login_ok = 0;
            if (!empty($DBInfo->use_safelogin)) {
              # NOTE(review): `_chall` and `challenge` are both read from
              # $options; if both come from the request, the equality check
              # does not tie the challenge to anything the server issued - confirm.
              if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                #print '<pre>';
                #print $options['password'].'<br />';
                #print hmac($options['challenge'],$user->info['password']);
                #print '</pre>';
                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                  $login_ok = 1;
                }
              } else {
                # with no javascript browsers
                # NOTE(review): unsalted md5() of the password is compared to the
                # stored value with loose `==`. Two digests that both look like
                # numbers (e.g. "0e" followed by digits) compare equal under
                # `==`; use hash_equals(). md5 is also unsuitable for password
                # storage.
                $md5pw = md5($options['password']);
                if ($md5pw == $user->info['password']) {
                  $login_ok = 1;
                }
              }
            }
            if ($login_ok or $user->checkPasswd($options['password']) === true) {
              # NOTE(review): $id comes from $options['login_id'] and is placed
              # in msg unescaped - confirm that msg is escaped on output.
              $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
              $options['id'] = $user->id;
              if ($user->id == 'Anonymous') {
                // special case. login success but ID is not acceptable
                $options['msg'] = _("Invalid user ID. 
Please register again");
              } else {
                $formatter->header($user->setCookie());
                if (!isset($user->info['login_success'])) {
                  $user->info['login_success'] = 0;
                }
                if (!isset($user->info['login_fail'])) {
                  $user->info['login_fail'] = 0;
                }
                $user->info['login_success']++;
                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                $user->info['login_fail'] = 0; // reset login
                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                $userdb->saveUser($user);
                $use_refresh = 1;
              }
              $DBInfo->user = $user;
            } else {
              # The failure counter is recorded, but this function applies no
              # lock-out or delay based on it.
              $title = sprintf(_("Invalid password !"));
              if (!isset($user->info['login_fail'])) {
                $user->info['login_fail'] = 0;
              }
              $user->info['login_fail']++;
              $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
              $userdb->saveUser($user);
              $user->setID('Anonymous');
            }
          } else {
            # Distinct titles for "suspended", "does not exist" and (above)
            # "Invalid password" let a client tell whether an ID exists.
            # NOTE(review): login_id is placed in the title unescaped - confirm
            # that send_title() escapes it.
            if (isset($options['login_id'][0])) {
              if ($userdb->_exists($id, 1)) {
                // suspended user
                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
              } else {
                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
              }
              $options['login_id'] = '';
            } else {
              $title = _("Make new ID on this wiki");
            }
            $form = macro_UserPreferences($formatter, '', $options);
          }
        } else {
          if (!empty($options['logout'])) {
            # logout
            header($user->unsetCookie(), false);
            if (session_name() != '') {
              # Expire the session cookie on both candidate paths.
              $path = get_scriptname();
              // for moniwiki internal
              header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
              // for some user plugins
              $params = session_get_cookie_params();
              header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
            }
            // call logout method
            if (method_exists($user, 'logout')) {
              $user->logout($formatter, $options);
            } else {
              $options['msg'] = _("Cookie deleted !");
            }
            $user->id = 'Anonymous';
            $DBInfo->user = $user;
            $use_refresh = 1;
          } else {
            if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
              # email new password
              $title = '';
              # $ok_ticket is only assigned on the success paths; when the
              # ticket check fails it is read below while undefined.
              if (!$use_any and $DBInfo->use_ticket) {
                if ($options['__seed'] and $options['check']) {
                  $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                  if ($mycheck == $options['check']) {
                    $ok_ticket = 1;
                  } else {
                    $title = _("Invalid ticket !");
                  }
                } else {
                  $title = _("You need a ticket !");
                }
              } else {
                $ok_ticket = 1;
              }
              $userdb =& $DBInfo->udb;
              if ($userdb->_exists($id)) {
                $user = $userdb->getUser($id);
              }
              if ($ok_ticket and $user->id != "Anonymous") {
                # Only for accounts whose address matches and has no pending
                # e-mail confirmation (eticket empty).
                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                  #make new password
                  # NOTE(review): the new password is 8 characters derived from
                  # the current time and the client address via getTicket();
                  # whether that includes secret entropy is not visible here.
                  # A CSPRNG (random_bytes()) is the safer source.
                  $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                  $mypass = substr($mypass, 0, 8);
                  $options['password'] = $mypass;
                  $old_passwd = $user->info['password'];
                  if ($DBInfo->use_safelogin) {
                    $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                  } else {
                    $ret = $user->setPasswd($mypass, $mypass);
                  }
                  # Keep the old password active; the new one is parked in
                  # npassword until the ticket is confirmed.
                  $new_passwd = $user->info['password'];
                  $user->info['password'] = $old_passwd;
                  $user->info['npassword'] = $new_passwd;
                  #make ticket
                  # NOTE(review): the confirmation ticket is md5 of the current
                  # time, the user ID and the e-mail - all values the requester
                  # already supplies or can estimate. Use an unpredictable
                  # random token instead.
                  $ticket = md5(time() . $user->id . $options['email']);
                  $user->info['nticket'] = $ticket . "." . $options['email'];
                  // save join agreement
                  if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                    $user->info['join_agreement'] = 'agree';
                    if (!empty($DBInfo->agreement_version)) {
                      $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                    }
                  }
                  $userdb->saveUser($user); # XXX
                  $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                  $opts['email'] = $options['email'];
                  $opts['id'] = 'nobody';
                  # The mail carries both the confirmation link and the new
                  # password in clear text.
                  $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                  $body = _("Please confirm your new password") . "\n" . $body . "\n";
                  $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                  $body .= _("Please change your password later") . "\n";
                  $ret = wiki_sendmail($body, $opts);
                  if (is_array($ret)) {
                    $title = _("Fail to e-mail notification !");
                    $options['msg'] = $ret['msg'];
                  } else {
                    $title = _("New password is sent to your e-mail !");
                    $options['msg'] = _("Please check your e-mail");
                  }
                } else {
                  # The separate "E-mail mismatch" answer tells the requester
                  # whether the supplied address belongs to the ID.
                  if ($options['email'] != $user->info['email']) {
                    $title = _("Fail to e-mail notification !");
                    $options['msg'] = _("E-mail mismatch !");
                  } else {
                    $title = _("Invalid request");
                    $options['msg'] = _("Please confirm your e-mail address first !");
                  }
                }
              } else {
                if (!$ok_ticket) {
                  $title = _("Invalid ticket !");
                } else {
                  $title = _("ID and e-mail mismatch !");
                }
                $options['msg'] = _("Please try again or make a new profile");
              }
              $formatter->send_header("", $options);
              $formatter->send_title($title, "", $options);
              $formatter->send_footer("", $options);
              return;
            } else {
              if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                # create profile
                $title = '';
                # Same ticket gate as in the password-reset branch, including
                # the User-Agent based bypass and the possibly undefined $ok_ticket.
                if (!$use_any and !empty($DBInfo->use_ticket)) {
                  if ($options['__seed'] and $options['check']) {
                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                    if ($mycheck == $options['check']) {
                      $ok_ticket = 1;
                    } else {
                      $title = _("Invalid ticket !");
                    }
                  } else {
                    $title = _("You need a ticket !");
                  }
                } else {
                  $ok_ticket = 1;
                }
                $id = $user->getID($options['login_id']);
                # An ID that looks like an e-mail address is verified and then
                # also used as the account's e-mail.
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                  if (($ret = verify_email($id)) < 0) {
                    $ret = -$ret;
                    $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                    $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                  } else {
                    $options['email'] = $id;
                    $user->setID($id);
                  }
                } else {
                  if (!preg_match("/\\//", $id)) {
                    $user->setID($id);
                  }
                }
                // protect http:// style id
                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                  $title = _("Please check join agreement.");
                } else {
                  if ($ok_ticket and $user->id != "Anonymous") {
                    if (!empty($DBInfo->use_safelogin)) {
                      # Initial password generated the same way as in the
                      # password-reset branch (see the note there).
                      $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                      $mypass = substr($mypass, 0, 8);
                      $options['password'] = $mypass;
                      $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                    } else {
                      $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                    }
                    if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                      $ret = 0;
                    }
                    # setPasswd() results used here: 0 too short, -1 mismatch,
                    # -2 unacceptable character; a positive value below 8 is
                    # reported as a too-simple password.
                    if ($ret <= 0) {
                      if ($ret == 0) {
                        $title = _("too short password!");
                      } else {
                        if ($ret == -1) {
                          $title = _("mismatch password!");
                        } else {
                          if ($ret == -2) {
                            $title = _("not acceptable character found in the password!");
                          }
                        }
                      }
                    } else {
                      if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                        $options['msg'] = _("Your password is too simple to use as a password !");
                      }
                      $udb = $DBInfo->udb;
                      if ($options['email']) {
                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                          if (($ret = verify_email($options['email'])) < 0) {
                            $options['email'] = ''; // reset email address
                            $ret = -$ret;
                            $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                            $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                          }
                        } else {
                          $options['msg'] .= '<br/>' . _("Your email address is not valid");
                        }
                      }
                      if ($udb->isNotUser($user)) {
                        if (!empty($DBInfo->no_register)) {
                          $options['msg'] = _("Fail to register");
                          $options['err'] = _("You are not allowed to register on this wiki");
                          $options['err'] .= "\n" . _("Please contact WikiMasters");
                          do_invalid($formatter, $options);
                          return;
                        }
                        $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                        $options['id'] = $user->id;
                        # NOTE(review): same predictable md5(time . id . email)
                        # ticket as in the password-reset branch.
                        $ticket = md5(time() . $user->id . $options['email']);
                        $user->info['eticket'] = $ticket . "." . $options['email'];
                        if (!empty($DBInfo->use_safelogin)) {
                          # NOTE(review): the title above escapes the ID with
                          # _html_escape(), this message does not.
                          $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                          $options['msg'] .= '<br />' . _("Please check your mailbox");
                        }
                        # The account is created suspended when the ID is its own
                        # e-mail address or when e-mail/admin confirmation is on.
                        $args = array();
                        if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                          $args = array('suspended' => 1);
                        }
                        if (!empty($DBInfo->register_confirm_admin)) {
                          $args = array('suspended' => 1);
                        }
                        if (!empty($DBInfo->register_confirm_admin)) {
                          if (!empty($options['msg'])) {
                            $options['msg'] .= '<br />';
                          }
                          $options['msg'] .= _("Your need to wait until your ID activated by admin");
                        }
                        // save join agreement
                        if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                          $user->info['join_agreement'] = 'agree';
                          if (!empty($DBInfo->agreement_version)) {
                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                          }
                        }
                        # A login cookie is issued right away only for accounts
                        # that are not suspended and not in safelogin mode.
                        if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                          $formatter->header($user->setCookie());
                        }
                        $ret = $udb->addUser($user, $args); # XXX
                        if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                          $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                          $body = '';
                          if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                            $body = file_get_contents($DBInfo->email_register_header);
                            $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                          }
                          $body .= _("Please confirm your email address") . "\n\n";
                          $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                          $body .= "\n";
                          if (!empty($DBInfo->use_safelogin)) {
                            # The initial password is mailed in clear text.
                            $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                            $body .= _("Please change your password later") . "\n";
                          }
                          $ret = wiki_sendmail($body, $options);
                          if (is_array($ret)) {
                            $options['msg'] .= $ret['msg'];
                          } else {
                            $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                          }
                        }
                      } else {
                        # already exist user
                        # The registration form doubles as a login when the ID
                        # exists and the password matches.
                        $user = $udb->getUser($user->id);
                        if ($user->checkPasswd($options['password']) === true) {
                          $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                          $options['id'] = $user->id;
                          $formatter->header($user->setCookie());
                          $udb->saveUser($user); # XXX
                        } else {
                          $title = _("Invalid password !");
                        }
                      }
                    }
                  } else {
                    if (empty($title)) {
                      $title = _("Invalid username !");
                    }
                  }
                }
              } else {
                if ($user->id != "Anonymous") {
                  # save profile
                  $udb =& $DBInfo->udb;
                  $userinfo = $udb->getUser($user->id);
                  # Password change: `password` is the current password and
                  # `passwordagain` the new one.
                  if (!empty($options['password']) and !empty($options['passwordagain'])) {
                    $chall = 0;
                    if (!empty($DBInfo->use_safelogin)) {
                      if (isset($options['_chall'])) {
                        $chall = $options['challenge'];
                      } else {
                        # NOTE(review): rand() takes either no arguments or a
                        # (min, max) pair, so this single-argument call looks
                        # wrong - confirm. rand() is also not a CSPRNG.
                        $chall = rand(100000);
                        $options['password'] = hmac($chall, $options['password']);
                      }
                    }
                    //echo 'chall=',$chall,' ',$options['password'];
                    if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                      if ($DBInfo->use_safelogin) {
                        $mypass = md5($options['passwordagain']); // XXX
                        $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                      } else {
                        $ret = $userinfo->setPasswd($options['passwordagain']);
                      }
                      if ($ret <= 0) {
                        if ($ret == 0) {
                          $title = _("too short password!");
                        } else {
                          if ($ret == -1) {
                            $title = _("mismatch password !");
                          } else {
                            if ($ret == -2) {
                              $title = _("not acceptable character found in the password!");
                            }
                          }
                        }
                        $options['msg'] = _("Password is not changed !");
                      } else {
                        $title = _("Password is changed !");
                        if ($ret < 8) {
                          $options['msg'] = _("Password is too simple to use as a password !");
                        }
                      }
                    } else {
                      $title = _("Invalid password !");
                      $options['msg'] = _("Password is not changed !");
                    }
                  }
                  # NOTE(review): user_css is stored exactly as supplied -
                  # confirm it is validated or escaped where css_url is emitted.
                  if (isset($options['user_css'])) {
                    $userinfo->info['css_url'] = $options['user_css'];
                  }
                  # "H:M" timezone string converted to an offset in seconds; the
                  # parts are not validated before the arithmetic.
                  if (isset($options['timezone'])) {
                    list($hour, $min) = explode(':', $options['timezone']);
                    $min = $min * 60;
                    $min = $hour < 0 ? -1 * $min : $min;
                    $tz_offset = $hour * 3600 + $min;
                    $userinfo->info['tz_offset'] = $tz_offset;
                  }
                  if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                    $userinfo->info['join_agreement'] = 'agree';
                    if (!empty($DBInfo->agreement_version)) {
                      $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                    }
                  }
                  # "Check e-mail again" re-uses the address stored in the
                  # pending eticket.
                  $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                  if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                    list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                    if (!empty($email)) {
                      $options['email'] = $email;
                    }
                  }
                  # A changed address is not stored directly: a new eticket is
                  # issued and the address takes effect on confirmation.
                  if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                    if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                      if (($ret = verify_email($options['email'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                      } else {
                        # NOTE(review): predictable md5(time . id . email) ticket,
                        # as in the other branches.
                        $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                        $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                        $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                        $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                        $body = _("Please confirm your email address") . "\n" . $body;
                        $ret = wiki_sendmail($body, $options);
                        if (is_array($ret)) {
                          $options['msg'] = $ret['msg'];
                        } else {
                          $options['msg'] = _("E-mail confirmation mail sent");
                        }
                      }
                    } else {
                      $options['msg'] = _("Your email address is not valid");
                    }
                  }
                  if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                    $nick = $userinfo->getID($options['nick']); // nickname check XXX
                    if (!$udb->_exists($nick)) {
                      $userinfo->info['nick'] = $nick;
                    } else {
                      $options['msg'] = _("Your Nickname already used as ID in this wiki");
                    }
                  }
                  $udb->saveUser($userinfo);
                  #$options['css_url']=$options['user_css'];
                  # NOTE(review): $options['msg'] is set to '' near the top of
                  # this function, so this isset() test appears to be always false.
                  if (!isset($options['msg'])) {
                    $options['msg'] = _("Profiles are saved successfully !");
                  }
                } else {
                  if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                    # login with openid
                    include_once 'lib/openid.php';
                    session_start();
                    $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                    $trust_root = qualifiedUrl($formatter->link_url(""));
                    $openid = new SimpleOpenID();
                    $openid->SetIdentity($options['openid_url']);
                    $openid->SetTrustRoot($trust_root);
                    $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                    $openid->SetOptionalFields(array('language', 'timezone'));
                    if ($openid->GetOpenIDServer()) {
                      $openid->SetApprovedURL($process_url); // Send Response from OpenID server to this script
                      $openid->Redirect(); // This will redirect user to OpenID Server
                      return;
                    } else {
                      $error = $openid->GetError();
                      #echo "ERROR CODE: " . $error['code'] . "<br>";
                      #echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                      $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                    }
                  } else {
                    if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                      // OpenID result
                      include_once 'lib/openid.php';
                      if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                        $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                        $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                      }
                      $openid = new SimpleOpenID();
                      $openid->SetIdentity($options['openid_identity']);
                      $openid_validation_result = $openid->ValidateWithServer();
                      if ($openid_validation_result == true) {
                        // OK HERE KEY IS VALID
                        $userdb =& $DBInfo->udb; // XXX
                        $user->setID($options['openid_identity']); // XXX
                        # NOTE(review): the test reads `openid_language` but the
                        # value used is `openid_sreg_language` - confirm which
                        # key is meant.
                        if (!empty($options['openid_language'])) {
                          $user->info['language'] = strtolower($options['openid_sreg_language']);
                        }
                        //$user->info['tz_offset']=$options['openid_timezone'];
                        if ($userdb->_exists($options['openid_identity'])) {
                          $user = $userdb->getUser($options['openid_identity']);
                          $user->info['idtype'] = 'openid';
                          $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                          $formatter->header($user->setCookie());
                          $userdb->saveUser($user); // always save
                        } else {
                          if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                            $options['msg'] = _("Fail to register");
                            $options['err'] = _("You are not allowed to register on this wiki");
                            $options['err'] .= "\n" . _("Please contact WikiMasters");
                            do_invalid($formatter, $options);
                            return;
                          }
                          if ($options['openid_sreg_nickname']) {
                            $nick = $user->getID($options['openid_sreg_nickname']);
                            if (!$userdb->_exists($nick)) {
                              $user->info['nick'] = $nick;
                            } else {
                              $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                            }
                          }
                          # NOTE(review): the e-mail is taken from the
                          # openid_sreg_email option and stored without the
                          # eticket confirmation used elsewhere; whether
                          # ValidateWithServer() covers the sreg fields is not
                          # visible here - confirm.
                          $user->info['email'] = $options['openid_sreg_email'];
                          $user->info['idtype'] = 'openid';
                          $userdb->addUser($user);
                          $formatter->header($user->setCookie());
                          $userdb->saveUser($user);
                          $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                        }
                        $options['id'] = $user->id;
                      } else {
                        if ($openid->IsError() == true) {
                          // ON THE WAY, WE GOT SOME ERROR
                          $error = $openid->GetError();
                          $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                        } else {
                          // Signature Verification Failed
                          $options["msg"] = _("Invalid OpenID Authentication request");
                          # This echo runs before send_header() is called below.
                          echo "INVALID AUTHORIZATION";
                        }
                      }
                    } else {
                      if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                        $options['agreement'] = 1;
                        $form = macro_UserPreferences($formatter, '', $options);
                      } else {
                        $options["msg"] = _("Invalid request");
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
  # After a successful login/logout, optionally emit a Refresh header.
  # NOTE(review): $options['return_url'] is used as the refresh target as
  # given; if it comes from the request it should be restricted to local URLs.
  $myrefresh = '';
  if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
    $sec = $DBInfo->use_refresh - 1;
    if (!empty($options['return_url'])) {
      $lnk = $options['return_url'];
    } else {
      $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
    }
    $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
  }
  $formatter->send_header($myrefresh, $options);
  $formatter->send_title($title, "", $options);
  # With no title and read access, show the form or a "return to" link;
  # otherwise print only the form when one was built.
  if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
    $lnk = $formatter->link_to('?action=show');
    if (empty($form)) {
      echo sprintf(_("return to %s"), $lnk);
    } else {
      echo $form;
    }
  } else {
    if (!empty($form)) {
      print $form;
    }
    # else $formatter->send_page("Goto UserPreferences");
  }
  $formatter->send_footer("", $options);
}
/// TO DO: /* * need to add validation: * ///Check for empty * check that lat and lng are valid * check that address geocodes (again???) * ///check that times regex to valid * ///check that event time comes after current date * ///also check that event end is not before start * check that name and description have at least 5 letters in them maybe? */ // process the contact info, if any $isOk = false; if ($isContactInfo == 1) { if ($contactType == "email") { $isOk = verify_email($contactInfo); } if ($contactType == "phone") { $isOk = verify_phone($contactInfo); $contactInfo = $contactInfo['phone1'] . $contactInfo['phone2'] . $contactInfo['phone3']; } } else { $isContactInfo = 0; } // in case something nasty happened. // clean a bit: $all_fields = clean_fields($all_fields); extract($all_fields); // main validation check if (checkEmpties($all_fields)) { if (dateCheckValid($all_fields)) {
echo "<script>alert('Ocurrio un error al intentar de dar de su usuario.');</script>"; } } else { /* Cuando la imagen es de un formato no permitido o supera el tamaño maximo*/ echo "<script>alert('Imagen no permitida');</script>"; } } } else { /* si las contraseñas no coinciden */ echo "<script>alert('Las contraseñas no coinciden,<br>los campos contraseña y confirmar contraseña deben ser iguales.');</script>"; } } } } else { if (isset($_POST['recovery'])) { if (verify_email($_POST['reemail'], $result) == 1) { /* aquí entra si ya existe el usuario*/ $sqlres = "SELECT usuario,password FROM usuarios where email='" . $_POST['reemail'] . "'"; $resultres = mysqli_query($con, $sqlres); if ($resultres) { while ($rowres = mysqli_fetch_row($resultres)) { $reuser = $rowres[0]; $repass = $rowres[1]; } } $email = '*****@*****.**'; $para = $_POST['reemail']; $titulo = 'INFORMACIÓN DE CUENTA'; $header = 'From: ' . $email; $msjCorreo = "Los datos de su cuenta son:\nUsuario: {$reuser}\n Contraseña: {$repass}"; if (mail($para, $titulo, $msjCorreo, $header)) {
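<?php
// Endpoint: sends the e-mail verification message for the logged-in user.
// Every exit path answers with a single JSON object, either
// {"error": "<code>"} or {"success": true}.
require_once 'config.php';
require_once 'auth.php';
require_once 'verify_lib.php';

header("Content-Type: application/json");

if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    exit(json_encode(array('error' => 'tls_failure')));
}
if (!user_logged_in()) {
    exit(json_encode(array('error' => 'not_logged_in')));
}

$viewer_id = get_viewer_id();

// Bind the id instead of interpolating it into the SQL text, so the query is
// safe regardless of what get_viewer_id() returns.
// NOTE(review): assumes $conn is the mysqli handle set up in config.php - confirm.
$stmt = $conn->prepare("SELECT username, email, email_verified FROM users WHERE id = ?");
if ($stmt === false || !$stmt->bind_param('i', $viewer_id) || !$stmt->execute()) {
    // Keep driver details in the server log; the client only gets a code.
    error_log('verify e-mail endpoint: user lookup failed: ' . $conn->error);
    exit(json_encode(array('error' => 'database_error')));
}
$stmt->bind_result($username, $email, $email_verified);
$row_found = $stmt->fetch();
$stmt->close();

if ($row_found !== true) {
    // The session refers to an id with no users row (or the fetch failed);
    // do not call verify_email() with empty values.
    exit(json_encode(array('error' => 'not_logged_in')));
}
if ($email_verified) {
    exit(json_encode(array('error' => 'already_verified')));
}

verify_email($viewer_id, $username, $email);
exit(json_encode(array('success' => true)));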
exit(json_encode(array('error' => 'empty_password'))); } $valid_username_regex = "/^[a-zA-Z0-9-_]+\$/"; if (!preg_match($valid_username_regex, $username)) { exit(json_encode(array('error' => 'invalid_username'))); } $valid_email_regex = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+" . "@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?" . "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/"; if (!preg_match($valid_email_regex, $email)) { exit(json_encode(array('error' => 'invalid_email'))); } $username = $conn->real_escape_string($username); $email = $conn->real_escape_string($email); $result = $conn->query("SELECT COUNT(id) AS count FROM users " . "WHERE LCASE(username) = LCASE('{$username}')"); $matching_username_row = $result->fetch_assoc(); if ($matching_username_row['count'] !== '0') { exit(json_encode(array('error' => 'username_taken'))); } $result = $conn->query("SELECT COUNT(id) AS count FROM users WHERE LCASE(email) = LCASE('{$email}')"); $matching_email_row = $result->fetch_assoc(); if ($matching_email_row['count'] !== '0') { exit(json_encode(array('error' => 'email_taken'))); } $hash = password_hash($password, PASSWORD_BCRYPT); $time = round(microtime(true) * 1000); // in milliseconds $conn->query("INSERT INTO ids(table_name) VALUES('users')"); $id = $conn->insert_id; $conn->query("INSERT INTO users(id, username, hash, email, creation_time) " . "VALUES ({$id}, '{$username}', '{$hash}', '{$email}', {$time})"); create_user_cookie($id); verify_email($id, $username, $email, true); exit(json_encode(array('success' => true)));
fputs($fp, "QUIT\r\n"); fclose($fp); if (substr($line, 0, 3) != '250') { // SMTP 서버가 이 주소를 인식하지 못하므로 잘못된 주소임 $error = $line; return false; } else { // 주소를 인식했음 return true; } } $error = '메일 교환기에 도달하지 못하였습니다.'; return false; } if ($mode == "verify") { $ret = verify_email($address, &$error); echo "<meta charset=\"euc-kr\">"; if ($ret) { echo "<script>alert('이메일주소 검사 성공');</script>"; } else { echo "<script>alert('이메일주소 검사 실패\\n\\n{$error}');</script>"; } echo "<script>location.href='{$PHP_SELF}';</script>"; exit; } ?> <meta charset="utf-8"> <title>이메일주소 검사 프로그램</title> <form method="post"> <input type="hidden" name="mode" value="verify">
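/**
 * Check an e-mail/password pair and, on success, mark the session as signed in.
 *
 * Reads and appends to $GLOBALS['errors'], uses the mysqli handle in
 * $GLOBALS['cxn'], records last_login/last_ip for the user and writes the
 * signed_in, email, fname, user_id and privleges session keys.
 *
 * @param string $email    Address as submitted; passed to verify_email().
 * @param string $password Password as submitted; passed to verify_password().
 * @return array array("user_id" => id, "name" => first name) on success,
 *               array("user_id" => 0, "name" => "failure") otherwise.
 */
function main_validation($email, $password)
{
    $errors = $GLOBALS['errors'];
    $failure = array("user_id" => 0, "name" => "failure");

    // verify_email() is defined elsewhere; its non-false return value is used
    // as the lookup address below (presumably a normalised form - confirm).
    $email2 = verify_email($email);
    if ($email2 == false) {
        // NOTE(review): this message differs from the wrong-password one. If
        // $GLOBALS['errors'] is shown to the visitor it tells them whether an
        // address is registered; prefer one generic message in the UI.
        $errors .= "email was not found";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }

    if (!verify_password($password, $email2)) {
        $errors .= "password did not match our records";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }

    $cxn = $GLOBALS['cxn'];

    $stm2 = $cxn->prepare("SELECT user_id, first_name, privlege_level FROM user_list WHERE email=?");
    if ($stm2 === false) {
        // Log the driver message server-side instead of printing it.
        error_log("main_validation: prepare failed: " . mysqli_error($cxn));
        die("error");
    }
    $stm2->bind_param("s", $email2);
    $stm2->execute();
    $stm2->bind_result($user_id, $first_name, $privleges);
    $row_found = $stm2->fetch();
    $stm2->close();

    if ($row_found !== true) {
        // Without a row the bound variables are empty; never sign in a
        // session that has no user id behind it.
        $errors .= "email was not found";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }

    // Bound parameters replace the interpolated UPDATE, so neither the
    // recorded address nor the id can alter the statement text.
    $last_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $upd = $cxn->prepare("UPDATE user_list SET last_login=NOW(), last_ip=? WHERE user_id=?");
    if ($upd === false || !$upd->bind_param("ss", $last_ip, $user_id) || !$upd->execute()) {
        // As before, a failed update aborts the request, but the database
        // error text now goes to the log rather than to the response.
        error_log("main_validation: last_login update failed: " . mysqli_error($cxn));
        die("error");
    }
    $upd->close();

    // Issue a fresh session id at the privilege change so an id that was set
    // before authentication is not carried into the signed-in session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    /// set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['email'] = $email2;
    $_SESSION['fname'] = $first_name;
    $_SESSION['user_id'] = $user_id;
    $_SESSION['privleges'] = $privleges;

    return array("user_id" => $user_id, "name" => $first_name);
}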